Did you got some feedback on the case ?
I am just thinking, since you mentioned DFS servers, could it be because you have too many SEP components installed ?
I am saying this, because Symantec did mention that on servers there should be only Auto-Protect enabled and why i am mentioning this is because i also encountered problems in the past 5 years i am managing SEP and i've had problems which were fixed by only letting SEP with 1 component, Auto-Protect.
I know is difficult to test on DFS servers, but when you have OS patching you can use that window to test, who knows, maybe it helps.